FBI held onto REvil decryptor for weeks before sharing with victims
The needs of many outweigh the needs of the few, reason agency sources
In a strange turn of events, it has emerged that the FBI had managed to get hold of REvil’s universal ransomware decryptor key three weeks before sharing it with victims.
Although the agency has not officially confirmed the claims, an anonymous source told the Washington Post (WP) that the FBI withheld the keys so as to not tip off REvil.
“The questions we ask each time are: What would be the value of a key if disclosed? How many victims are there? Who could be helped? And on the flip side, what would be the value of a potential longer-term operation in disrupting an ecosystem? Those are the questions we will continue to have to balance,” reasoned the unnamed source.
It appears the FBI was gearing up to launch a campaign to take down the notorious ransomware. However, before the agency could make a move, REvil pulled the plug on its operations of its own accord.
My precious
The reports come after cybersecurity firm Bitdefender recently released a universal decryptor for REvil victims, claiming to have made it together with a “trusted law enforcement partner” that it failed to identify.
Interestingly, the existence of a universal decryptor was first shared by a REvil representative, after the gang suddenly decided to get back into action after staying offline for nearly two months.
“One of our coders misclicked and generated a universal key, and issued the universal decryptor key along with a bunch of keys for one machine,” wrote REvil’s new representative in a Russian-language post translated by security researchers at Flashpoint.
Flashpoint researchers have observed REvil trying to rebuild its reputation with former collaborators, who weren’t pleased with their sudden disappearance, prompting security researchers to urge clients to brace for a new round of REvil attacks.
Via Washington Post
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.